Syslog UDP and Raw/Plaintext UDP not accepting input, TCP works

crgbt · July 4, 2018, 2:45pm

Hello all,

I have a fresh install of Graylog on CentOS 7 with two inputs:

Syslog TCP on Port 1514
Syslog UDP on Port 1514

The Syslog TCP input is accepting messages from network devices and using Kiwi Syslog Message Generator, however the Syslog UDP input is not accepting (or at least not showing) any messages in Graylog from any device or Kiwi Syslog Message Generator.

I have confirmed:
Ports opened and listening using ss to confirm
Ports allowed through the firewall
The input is running
There is no other firewall between the graylog server and other network devices
No errors in server.log

I have tried:
Disabling firewall
Disabling SELinux
Setting up a different Syslog UDP input on port 8888
Binding the input to the servers IP address rather than 0.0.0.0/127.0.0.1
Setting up a Raw text UDP input on port 1514

I’m pretty stumped now due to the fact TCP works absolutely fine, just not any form of UDP.

Any help is greatly appriciated.

Kind Regards,
crgbt

jochen · July 4, 2018, 2:53pm

Use Wireshark or tcpdump to check whether any UDP packets arrive on the Syslog UDP input at all.
If there was any traffic, Graylog would show that on the System/Inputs page:

system · July 18, 2018, 2:53pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
RSYSLOG UDP works but not SYSLOG TCP Graylog Central (peer support)	9	12192	October 6, 2017
UDP inputs not working Graylog Central (peer support)	3	7636	January 3, 2019
RSyslog - Centos 7 Graylog Central (peer support)	3	1241	October 30, 2018
TCP Syslog does not work Graylog Central (peer support)	3	1321	May 28, 2019
Inputs Syslog UDP/TCP - FAILED Graylog Central (peer support)	2	4289	August 16, 2017

Syslog UDP and Raw/Plaintext UDP not accepting input, TCP works

Related Topics